[Snort-users] HP Printers - SNMP Public Access udp

Jason snort-users at ...2977...
Tue Nov 18 10:49:51 EST 2003


> I'm new to Snort and have been tweaking my configuration for the past
> couple of weeks.  I've been noticing a LOT of "SNMP Public Access udp"
> alerts being generated.  They appear to be caused by clients (appear to be
> Win2K) connecting to HP Printers containing Jet Direct cards.  I was
> considering writing pass rules to avoid these alerts, but am wondering if
> that's a good idea.  Has anyone seen this sort of network activity?  Does
> it indicate something configured incorrectly either on the client or with
> the Jet Direct unit?

It's not only HP printers, but Xerox, Canon... in fact, almost any printer
that communicates with the workstations so as to provide printer status info
(how much ink/toner, how full the paper trays are, if your printer
supports 2 sided printing and stapling etc) uses SNMP.  I get about 25000
SNMP alerts a day due to the hundreds of printers in the org I work at.  I
have been individually ignoring printer IPs via BPF and suppression
rules.
>
> Any suggestions would be appreciated.
>
> Thanks,
> Bob
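
The per-printer BPF and suppression approach described in the reply, as an added example that is not part of the original thread: it triages Snort "fast" alert lines so that only SNMP queries to known printers are silenced, while the same alert against any other host stays visible. The printer inventory, addresses and alert lines are constructed, and the gid:sid is read from the alert lines rather than hard-coded.

```python
import re
from collections import Counter

ALERT_MSG = "SNMP public access udp"      # alert name quoted in the thread
PRINTERS = {"10.1.9.20", "10.1.9.21"}     # hypothetical printer inventory
# Constructed "fast" alert lines (sample data, not taken from the thread).
SAMPLE = """\
11/18-10:41:02.113201  [**] [1:1411:3] SNMP public access udp [**] [Priority: 2] {UDP} 10.1.2.15:1045 -> 10.1.9.20:161
11/18-10:41:07.560112  [**] [1:1411:3] SNMP public access udp [**] [Priority: 2] {UDP} 10.1.2.16:1102 -> 10.1.9.20:161
11/18-10:42:19.004518  [**] [1:1411:3] SNMP public access udp [**] [Priority: 2] {UDP} 10.1.2.15:1046 -> 10.1.9.21:161
11/18-10:43:55.771930  [**] [1:1411:3] SNMP public access udp [**] [Priority: 2] {UDP} 10.1.2.99:3321 -> 10.1.5.1:161
11/18-10:44:03.120044  [**] [1:1000001:1] LOCAL constructed rule [**] [Priority: 3] {UDP} 10.1.2.15:1047 -> 10.1.9.20:9100
"""

LINE_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):\d+\] (?P<msg>.+?) \[\*\*\].*"
    r"\{UDP\} (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)")

def triage(alert_text, printers):
    """Split SNMP-public alerts into printer-bound noise and hosts to review."""
    noise, review, ids = Counter(), Counter(), set()
    for line in alert_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m["msg"] != ALERT_MSG:
            continue                      # unrelated alert, leave it alone
        ids.add((m["gid"], m["sid"]))
        is_printer = m["dst"] in printers and m["dport"] == "161"
        (noise if is_printer else review)[m["dst"]] += 1
    return noise, review, ids

def suppress_lines(noise, ids):
    """One suppress entry per printer: silences only this signature."""
    return [f"suppress gen_id {g}, sig_id {s}, track by_dst, ip {ip}"
            for g, s in sorted(ids) for ip in sorted(noise)]

def bpf_filter(noise):
    """BPF alternative: Snort never sees SNMP packets sent to these printers."""
    hosts = " or ".join(f"dst host {ip}" for ip in sorted(noise))
    return f"not (udp dst port 161 and ({hosts}))" if hosts else ""

if __name__ == "__main__":
    noise, review, ids = triage(SAMPLE, PRINTERS)
    print("\n".join(suppress_lines(noise, ids)))
    print(bpf_filter(noise))
    print("still alerting, review these destinations:", dict(review))
```

The suppress entries hide one signature per printer address, whereas the BPF filter removes that SNMP traffic from inspection entirely, so any other SNMP rule stops seeing those packets as well.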




